This would require several generalizations; I'd like to see a non-root
mount with the necessary restrictions (nosuid, noexec, whatever)
(although from reading Bugtraq, I gather you have to be -real- careful.
I'd suggest making sure the user owned the mount point, not just checking
for r/w/no-suid access on it.) (nosuid because you don't want someone
mounting over /tmp, for example - one case where it's not always obvious)
NetBSD-current already does this.
Also, I'd like to see some kind of callback into user space (daemons?) to
handle userland debugging of filesystems. I know they'd be slower, but they'd
be less likely to crash your system (and easier to debug), and there really
isn't any reason IMHO why a user can't access a file of hers as a fs hierarchy
of her own design if she really wants to. What do you people think?
You need to redesign lookup() a bit to do that, or you risk frequent
deadlocks.
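The ownership check suggested above (owner of the mount point, not merely r/w access, plus forced nosuid/noexec) as an added worked example; this is not code from the message or from any kernel, and the function names, the exact restriction set (`nodev`, `noexec`, `nosuid`) and the `run_demo` paths are assumptions for illustration:

```python
import os
import stat
import tempfile

# Restrictions every non-root mount must carry. Assumption for this example:
# the options named in the discussion (nosuid, noexec) plus nodev.
REQUIRED_OPTIONS = ("nodev", "noexec", "nosuid")
# Options a user may not request, because they would undo the restrictions.
FORBIDDEN_OPTIONS = {"dev", "exec", "suid"}


def check_mount_point(path, uid):
    """Decide whether `uid` may mount on `path`.

    Ownership, not writability, is the test: a world-writable directory such
    as /tmp is writable by everyone but owned by root, so it must be rejected.
    Returns (ok, reason).
    """
    try:
        st = os.lstat(path)  # lstat: a symlink planted at the path is seen as a symlink
    except FileNotFoundError:
        return False, "mount point does not exist"
    if stat.S_ISLNK(st.st_mode):
        return False, "mount point is a symlink"
    if not stat.S_ISDIR(st.st_mode):
        return False, "mount point is not a directory"
    if st.st_uid != uid:
        return False, "mount point owned by uid %d, not requesting uid %d" % (st.st_uid, uid)
    return True, "ok"


def build_mount_options(requested, uid, path):
    """Return the option string for a user mount, or raise PermissionError.

    The caller's options are kept, the mandatory restrictions are always added,
    and any option that would relax them is rejected rather than silently dropped.
    """
    ok, reason = check_mount_point(path, uid)
    if not ok:
        raise PermissionError(reason)
    opts = {o.strip() for o in requested.split(",") if o.strip()}
    relaxing = opts & FORBIDDEN_OPTIONS
    if relaxing:
        raise PermissionError("option(s) not allowed for user mounts: "
                              + ",".join(sorted(relaxing)))
    opts.update(REQUIRED_OPTIONS)
    return ",".join(sorted(opts))


def run_demo():
    """Exercise the checks on constructed paths under a temp dir; returns outcomes."""
    uid = os.getuid()
    base = tempfile.mkdtemp()
    owned_dir = os.path.join(base, "mnt")
    os.mkdir(owned_dir)
    link = os.path.join(base, "mnt_link")
    os.symlink(owned_dir, link)
    plain_file = os.path.join(base, "notadir")
    with open(plain_file, "w") as f:
        f.write("x")
    results = {
        "own_dir": check_mount_point(owned_dir, uid)[0],
        # uid + 1 stands in for a directory owned by somebody else (e.g. root's /tmp)
        "other_uid": check_mount_point(owned_dir, uid + 1)[0],
        "symlink": check_mount_point(link, uid)[0],
        "file": check_mount_point(plain_file, uid)[0],
        "missing": check_mount_point(os.path.join(base, "nope"), uid)[0],
        "options": build_mount_options("rw,user", uid, owned_dir),
    }
    try:
        build_mount_options("rw,suid", uid, owned_dir)
        results["suid_rejected"] = False
    except PermissionError:
        results["suid_rejected"] = True
    os.remove(link)
    os.remove(plain_file)
    os.rmdir(owned_dir)
    os.rmdir(base)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, outcome)
```

The point of `check_mount_point` is the contrast between an `access()`-style writability test and an ownership test: the temp directory passes because the caller owns it, while the same directory examined on behalf of another uid is refused even though it is writable. `build_mount_options` refuses `suid`/`exec`/`dev` outright instead of quietly overriding them, so a rejected request is visible to the user and in logs.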